gitlab-org/gitlab-foss v18.3.0

on GitLab

We are excited to announce the public beta release of the Duo Agent Platform for Visual Studio! With this release, Visual Studio users can now access Duo Agent Platform's advanced AI-powered capabilities directly within their IDE.

The Duo Agent Platform brings two powerful features to your workflow:

• Agentic chat: Quickly accomplish conversational tasks such as creating and editing files, searching your codebase with pattern matching and grep, and getting instant answers about your code—all without leaving Visual Studio.
  
• Agent flows: Tackle larger, more complex tasks with comprehensive planning and implementation support. Agent flows help you turn high-level ideas into architecture and code, leveraging GitLab resources like issues, merge requests, commits, CI/CD pipelines, and security vulnerabilities.
  

Both features offer intelligent search across documentation, code patterns, and project information, empowering you to move seamlessly from quick edits to in-depth project analysis.

Try the Duo Agent Platform beta in Visual Studio today and experience a new level of productivity and AI assistance in your development workflow.

The GitLab CLI (glab) now includes a new top-level command, opentofu.
The opentofu command is aliased to terraform and tf commands to assist with GitLab-managed
OpenTofu and Terraform states.

The following commands have been added:

• glab opentofu init: Initialize the state backend locally.
  
• glab opentofu state list: List all states in a project.
  
• glab opentofu state download: Download the latest state or a specific version.
  
• glab opentofu state delete: Delete the entire state or a specific version.
  
• glab opentofu state lock: Lock a state.
  
• glab opentofu state unlock: Unlock a state
  

To manage state with the opentofu command, you must have at least glab 1.66 or later.

GitLab now fully supports Kubernetes version 1.33. If you deploy your apps to Kubernetes, you can upgrade your connected clusters to the most recent version and take advantage of all its features.

For more information, see the Supported Kubernetes versions for GitLab features.

We're excited to announce significant improvements to the group overview in Your work, designed to streamline how you discover and access your groups.
The new tabbed interface features a Member tab, which provides a comprehensive view of accessible groups, and an Inactive tab to track groups pending deletion.
We've also streamlined group management by adding Edit and Delete actions to the list view for users with appropriate permissions.
We hope that these improvements make it easier to find and manage the groups that matter most to you.

We value your feedback on this update! Join the discussion in epic 18401 to share your experience with the new navigation system.

We've upgraded the Admin area projects list to provide a more consistent experience for GitLab administrators:

• Delayed deletion protection: Project deletions now follow the same safe deletion flow used throughout GitLab, preventing accidental data loss.
  
• Faster interactions: Filter, sort, and paginate projects without page reloads for a more responsive experience.
  
• Consistent interface: The projects list now matches the look and behavior of other project lists across GitLab.
  

This update brings the administrator experience in line with GitLab design standards, and adds important safety features to protect your data. Future enhancements to project management will automatically appear in all project lists throughout the platform.

This release introduces embedded views, powered by GLQL, to general availability. Create and embed dynamic, queryable views of GitLab data directly where your work lives: in wiki pages, epic descriptions, issue comments, and merge requests.

Embedded views provide a stable foundation for teams to track work progress without navigating between multiple locations. Query issues, merge requests, epics, and other work items using familiar syntax, then display the results as tables or lists with customizable fields and filtering.

Embedded views transform static documentation into living dashboards that stay current with your project data, helping teams maintain context and improve collaboration across their workflows.

We welcome your feedback as we continue to enhance embedded views. Please share your thoughts and suggestions in our feedback issue.

Administrators can now set the default behavior for unique domains on new GitLab Pages sites. By default, new Pages sites use unique domain URLs (like my-project-1a2b3c.example.com) to prevent cookie sharing between sites.

With this new setting for the instance, you can set new Pages sites to use path-based URLs (like my-namespace.example.com/my-project) by default. This helps organizations align GitLab Pages behavior with their workflows and security requirements.

Users can still override this setting for individual projects, and existing Pages sites remain unaffected.

This release introduces an enhanced wiki experience with three key improvements: you can now subscribe to wiki pages, view wiki comments while editing a page, and sort wiki page comments.

These enhancements help teams collaborate more effectively on documentation by letting you:

• Discuss content directly in context.
  
• Suggest improvements and corrections.
  
• Keep documentation accurate and up-to-date.
  
• Share knowledge and expertise.
  

With these updates, your GitLab wiki becomes living documentation that evolves alongside your projects through direct feedback and discussion.

Migration by direct transfer is now generally available. To migrate GitLab groups and projects between GitLab instances by direct transfer, you can use the GitLab UI or the REST API.

Compared to migration by uploading an export file, direct transfer:

• Works more reliably with large projects.
  
• Supports migrations with a larger version gap between the source and destination instances.
  
• Offers better insights into the migration process and results.
  

On GitLab.com, migration by direct transfer is enabled by default. On GitLab Self-Managed and GitLab Dedicated, an administrator must enable the feature.

We're excited to announce additional source control functionalities in the Web IDE. You can manage your Git workflow more efficiently without leaving your browser. In the Source Control panel, you can now:

• Create and delete branches.
  
• Create a branch from any existing branch as your base.
  
• Amend your last commit for quick fixes.
  
• Force push changes directly from the interface.
  

These enhancements bring Git operations right to your fingertips. For information about the functionalities available to you, see Use source control.

We’re also releasing GitLab Runner 18.3 today! GitLab Runner is the highly-scalable build agent that runs your CI/CD jobs and sends the results back to a GitLab instance. GitLab Runner works in conjunction with GitLab CI/CD, the open-source continuous integration service included with GitLab.

Bug Fixes:

• In GitLab 18.2.0, runners are unable to pull the job cache by using the subdirectory file as cache key
  
• Docker executor fails to start jobs intermittently and returns an incorrect username or password error message.
  
• Inconsistency in *_get_sources hooks usage between none and empty Git strategies
  
• Operator deployed with non-OLM manifests assumes wrong default images
  
• Operator creates ConfigMap with the wrong name if CR has the app.kubernetes.io/instance label
  
• Operator 1.10.0 on OpenShift 4.9 fails to create runner ConfigMap and start pod in the gitlab-runner namespace
  

What's new:

• GitLab Runner Operator now supports runner manager pod annotation
  
• GitLab Runner Operator now supports OpenShift 4.19
  

The list of all changes is in the GitLab Runner CHANGELOG.

Pipeline security just got more flexible. Job tokens are ephemeral credentials that provide access to resources in pipelines. Until now, these tokens inherited full permissions from the user, often resulting in unnecessarily broad access capabilities.

With our new fine-grained permissions for job tokens feature, you can now precisely control which specific resources a job token can access within your projects. This allows you to implement the principle of least privilege in your CI/CD workflows, granting only the minimal access necessary for jobs to complete their tasks when accessing your projects with the CI/CD job token.

We're actively working to add additional fine-grained permissions to reduce reliance on long-lived tokens in pipelines.

GitLab now displays a security warning in the UI when a user uploads a weak SSH key. This warning appears for older key types or keys with insufficient bit length (less than 2048 bits). This change helps educate users about SSH key security best practices and encourages the use of stronger cryptographic keys.